package com.fengmi.security;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//springsecurity配置类
@Configuration
@EnableWebSecurity
//开启权限控制注解支持
@EnableGlobalMethodSecurity(prePostEnabled = true,securedEnabled = true,jsr250Enabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    //静态资源释放
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
                "/swagger-ui.html/**","/css/**","/images/**","/plugins/**","/webjars/**",
                "/swagger-resources/**","/v2/**"
        );
    }

    //配置系统资源的访问规则
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                //不需要登录也能访问
                .antMatchers("/user/login", "/user/check").permitAll()
                //除了以上资源，剩下的http资源都需要登录才能访问
                .anyRequest().authenticated();

        http.csrf().disable();//禁用csrf过滤器

        http.cors();//解决跨域

        //让重写的过滤器生效
        http.addFilter(new CustomerBasicAuthenticationFilter(authenticationManagerBean()));
    }
}
